Lucene search
K

9 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-29201

Malicious code in bioql PyPI...

9.8CVSS6.5AI score0.00758EPSS
Exploits1References2
NVD
NVD
added 2025/09/15 5:15 p.m.6 views

CVE-2025-58748

Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12 the H2 data source implementation H2.java does not verify that a provided JDBC URL starts with jdbc:h2. This lack of validation allows a crafted JDBC configuration that substitutes the Amazon...

9.8CVSS0.00758EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/09/15 4:12 p.m.11 views

CVE-2025-58748 Dataease H2 data source JDBC URL validation bypass leads to remote code execution

Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12 the H2 data source implementation H2.java does not verify that a provided JDBC URL starts with jdbc:h2. This lack of validation allows a crafted JDBC configuration that substitutes the Amazon...

8.7CVSS0.00758EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2020/01/22 12:0 a.m.19 views

Apache Solr 4.0.0 < 4.10.4 XML Resource Consumption Attack

Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack via its update handle; leveraging XML DOCTYPE and ENTITY type elements, a remote, unauthenticated attacker may write data to the server which will expand when the server parses th...

7.5CVSS7.5AI score0.07505EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2020/01/09 6:38 p.m.24 views

CVE-2019-12401

Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack a.k.a. Lol Bomb via it’s update handler.?By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML...

7.5CVSS3.4AI score0.07505EPSS
Exploits1References3
NVD
NVD
added 2019/09/10 3:15 p.m.32 views

CVE-2019-12401

Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack a.k.a. Lol Bomb via it’s update handler.?By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML...

7.5CVSS7.4AI score0.07505EPSS
Exploits1References11
Prion
Prion
added 2019/09/10 3:15 p.m.24 views

Design/Logic Flaw

Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack a.k.a. Lol Bomb via it’s update handler.?By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML...

5CVSS7.4AI score0.07505EPSS
Exploits1References11Affected Software1
Cvelist
Cvelist
added 2019/09/10 2:6 p.m.42 views

CVE-2019-12401

Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack a.k.a. Lol Bomb via it’s update handler.?By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML...

7.4AI score0.07505EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2019/09/10 12:0 a.m.5 views

PT-2019-12786 · Apache · Solr

Name of the Vulnerable Software and Affected Versions: Solr versions 1.3.0 through 1.4.1 Solr versions 3.1.0 through 3.6.2 Solr versions 4.0.0 through 4.10.4 Solr versions prior to 5.0.0 Description: The issue allows for an XML resource consumption attack, also known as a Lol Bomb, via the update...

7.5CVSS7.4AI score0.07505EPSS
Exploits1References22
Rows per page
Query Builder